Reply To: Sequence of several forms resulting in one post

  • Hi @jaro

    You’re probably fairly safe with this setup.

    A few things I’d consider:

    1. Make sure that ALL input data from the student is valid and escaped. Do not only rely on ACF for this but rather run it through your own checks too. For example, if the code they should supply is numbers only, make sure that the input value is a float (or int), strip all values of tags, etc.

    2. Remember that emails can be compromised, so it is probably also a good idea to set a time restriction for the verification code. For instance, you could make the code invalid after 1h. That way you are sure it does not matter if a student's email gets hacked later on, etc.

    3. Consider using short-lived WordPress transients for storing the data instead of PHP sessions? Or be sure to check up on your session security: http://php.net/manual/en/session.security.php

    Beyond that I think your biggest possible flaws would be human error, like not updating plugins, having insecure passwords, etc.
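
The following added example, which is not part of the original reply, combines points 1 to 3: strict validation of the submitted code, a one-hour expiry, and storage in a WordPress transient instead of the PHP session. The `myprefix_*` function names and the six-digit code format are assumptions, and the code is meant to run inside WordPress.

```php
<?php
// Added example. The myprefix_* names and the six-digit format are hypothetical.

// Build the transient name from a hash so the raw address is not stored as a key.
function myprefix_code_key( string $email ): string {
    return 'myprefix_vc_' . hash( 'sha256', strtolower( trim( $email ) ) );
}

// Create a code, store only its keyed hash for one hour, and return the code
// so the caller can email it to the student.
function myprefix_issue_code( string $email ): string {
    if ( ! is_email( $email ) ) {
        return '';
    }
    // random_int() is a CSPRNG; pad so leading zeros are kept.
    $code = str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT );
    // Third argument is the lifetime: the code is invalid after 1h.
    set_transient( myprefix_code_key( $email ), wp_hash( $code ), HOUR_IN_SECONDS );
    return $code;
}

// Validate what the student submitted. Returns true only for a well-formed,
// unexpired, matching code.
function myprefix_check_code( string $email, $raw_input ): bool {
    // Own check in addition to ACF: reject arrays, tags, signs, decimals, spaces.
    $input = is_string( $raw_input ) ? trim( wp_unslash( $raw_input ) ) : '';
    if ( ! preg_match( '/\A[0-9]{6}\z/', $input ) ) {
        return false;
    }
    $key    = myprefix_code_key( $email );
    $stored = get_transient( $key ); // false when expired or never issued
    if ( ! is_string( $stored ) ) {
        return false;
    }
    // Constant-time comparison of the stored hash with the hash of the input.
    if ( ! hash_equals( $stored, wp_hash( $input ) ) ) {
        return false;
    }
    // Assumption: a code is single-use, so drop it once it has been accepted.
    delete_transient( $key );
    return true;
}

// Usage inside a form handler (field name 'verification_code' is hypothetical):
// $ok = myprefix_check_code( $student_email, $_POST['verification_code'] ?? '' );
```

Validating with a digits-only pattern rather than casting to int keeps codes with leading zeros intact and rejects anything that is not exactly the expected format.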